(RADIATOR) Tarpitting auth requests from naughty users..

Robert Blayzor noc at inoc.net
Thu May 8 07:58:58 CDT 2003


We have a braindead customer somewhere that has a DSL modem or PPPoE
client that's making a bad auth request (failed login) every 10 seconds.
It's been going on for weeks.  It's bloating up our failed login table
and bloating up log files.  While I know the obveious solution is to
apply LART and disconnect the user, that always isn't the best answer
when management jumps down your throat about it.  Long story.

Anyway, can Radiator tarpit or ignore bad requests for the same login
attempt (username, password and client pair) for a certain period of
time if the same auth fails X number of times within a specific period.

Ie:  If a client sends the same bad auth request 10 times within a two
minute period, ignore the requests for 60 minutes.  

Thanks in advance.

--
Robert Blayzor, BOFH
INOC, LLC
rblayzor at inoc.net

BOFH excuse #245: The Borg tried to assimilate your system, resistance
is futile 


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list